1. Field of the Invention
The present invention relates to an improved data processing system and, in particular, to a method and apparatus for multicomputer data transferring. Still more particularly, the present invention provides a method and apparatus for multicomputer distributed resource management.
2. Description of Related Art
An individual interacts with many enterprises, e.g., institutions, organizations, and corporations, that maintain information about the individual for various purposes. In modern society, this information is maintained electronically, which allows the information to be processed much more efficiently than paper documents. However, concerns about the privacy of electronically managed information have grown with the adoption of Internet-based services, which allow enterprises to share information easily. Privacy has been defined as “the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others” (Westin, Privacy and Freedom, 1967).
Due to regulation and consumer concerns, many enterprises are having to re-evaluate their privacy management operations, such as the manner in which they handle personally identifiable information (PII) that they collect about individuals.
As a first step towards managing personally identifiable information, responsible enterprises usually create, implement, and enforce a privacy policy. Before an enterprise collects a user's personally identifiable information, the enterprise should obtain the user's consent to the privacy policy and should collect the user's preferences on any options that the enterprise may provide with respect to the manner in which the enterprise manages the user's personally identifiable information. FIG. 2A depicts a simple diagram showing an exchange of privacy promises 202 from a server 204 to a user 206 in exchange for the user's consent to the privacy promises and a selection of the user's privacy preferences 208.
The privacy policy generally includes a set of promises that an enterprise makes to users of services that are provided by an enterprise. At a low level, these privacy promises can be captured to some degree in a machine-readable format. An example of this is the Platform for Privacy Preferences Project (P3P), which has been developed by the World Wide Web Consortium; P3P has emerged as an industry standard for providing an automated way for users to gain more control over the use of personal information that is collected and managed by web sites which the users visit. P3P provides a mechanism for disclosing the manner in which a site handles personal information about its users; P3P-enabled web sites make this information available in a standard, machine-readable format, and P3P-enabled browsers can use this information automatically by comparing it to a user's previously-selected privacy preferences.
The privacy promises in the privacy policy state, at a high level, how the enterprise manages and possibly disseminates any personally identifiable information. For example, a privacy policy can be in human-readable format, such as text within a web page that includes legal terminology. FIG. 2B shows a graphical user interface window 210 that might appear when a user is perusing a web site; window 210 is a pop-up window that might appear on a user's screen in response to execution of a script that is embedded within a web page document that has been received by the user's browser application on a client device. The intention of window 210 is to provide notice to the user concerning the enterprise's, i.e. the web site operator's, privacy policy and to obtain an acknowledgment from the user that the user has read the privacy policy, e.g., by forcing the user to select check box 212 before the user can continue with an operation within the web site; the selection of hyperlink 214 will present the privacy policy in a human-readable format for the user, possibly by presenting another pop-up window on the user's screen or by directing the web browser to retrieve another web page. Window 210 also collects user preferences concerning some options with respect to the enterprise's privacy policy. Check box 216 gives the user control over an action that the enterprise might perform while using the user's personally identifiable information. Check box 218 gives the user control over whether the enterprise may share some of the user's personally identifiable information with other enterprises. “OK” button 220 closes window 210.
Using a mechanism similar to that shown in FIG. 2B, a user acknowledges the enterprise's privacy policy and indicates acceptance of the privacy policy. This may also involve the user selecting some personal privacy preferences with respect to the management of the user's personally identifiable information. Once the user has acknowledged the privacy policy and indicated the user's preferences, then the enterprise can collect the user's personally identifiable information.
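The comparison that a P3P-enabled browser performs between a site's machine-readable statements and the user's stored preferences, combined with the consent and preference choices of FIG. 2B, can be illustrated with a small evaluator. This is an added example and not part of the patent; the statement structure, the preference field names, and the sample shop policy are constructed, using a simplified subset of the P3P 1.0 purpose and recipient vocabulary.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Statement:
    """One P3P-style statement: what data is collected, for which purposes,
    and to which recipients it may be disclosed (simplified vocabulary)."""
    data: frozenset
    purposes: frozenset
    recipients: frozenset

@dataclass(frozen=True)
class Preferences:
    """User choices modelled on the FIG. 2B window; field names are constructed."""
    consented: bool                 # check box 212: policy acknowledged
    allow_contact: bool = False     # check box 216: may the site use PII to contact me
    allow_sharing: bool = False     # check box 218: may PII go to other enterprises

# P3P purposes that amount to using PII to contact the user.
CONTACT_PURPOSES = frozenset({"contact", "telemarketing"})

def evaluate(policy, prefs):
    """Compare each statement against the stored preferences.
    Returns a list of human-readable conflicts; an empty list means the
    policy is consistent with what the user agreed to."""
    if not prefs.consented:
        return ["user has not acknowledged the privacy policy"]
    conflicts = []
    for st in policy:
        data = ",".join(sorted(st.data))
        contact_uses = st.purposes & CONTACT_PURPOSES
        if contact_uses and not prefs.allow_contact:
            conflicts.append(f"{data}: used for {','.join(sorted(contact_uses))} without permission")
        # Simplification: any recipient other than the site itself counts as sharing.
        others = st.recipients - {"ours"}
        if others and not prefs.allow_sharing:
            conflicts.append(f"{data}: disclosed to {','.join(sorted(others))} without permission")
    return conflicts

# Constructed sample: an online shop's policy with two statements.
SHOP_POLICY = [
    Statement(frozenset({"name", "postal"}), frozenset({"current"}), frozenset({"ours", "delivery"})),
    Statement(frozenset({"email"}), frozenset({"current", "telemarketing"}), frozenset({"ours"})),
]

if __name__ == "__main__":
    for c in evaluate(SHOP_POLICY, Preferences(consented=True)):
        print("conflict:", c)
```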
Current enterprise mechanisms for providing privacy promises and for collecting user consent and preferences require the implementation of privacy policy management within each application that is provided by the enterprise. For example, each web page that may cause the collection of personally identifiable information is modified to include links to the privacy policy along with web-based forms containing input controls for user-entry or user-selection of user preferences and consent. FIG. 2C shows a typical organization of privacy policy management within an enterprise domain 222 that is operating an e-commerce web site in which multiple e-commerce applications 224-228 are individually responsible for sending the enterprise's privacy policy to the user/client 230 and for individually collecting the user's consent and preferences to the privacy policy.
Each e-commerce application that is shown in FIG. 2C may be concerned with privacy policy issues with respect to different types of personally identifiable information, thereby requiring slightly different operations for collecting user consent and user preferences with respect to the different types of personally identifiable information. Hence, the prior art approach that is depicted in FIG. 2C is problematic. Each application that collects personally identifiable information must be modified to include privacy-related functionality, which may require multiple changes to different parts of each application. Application development costs increase as each application needs to be enhanced to include the privacy functions.
In addition, user consent and preferences are often collected multiple times within a single enterprise, possibly with the different applications collecting different data. Users of the enterprise services have dissatisfying experiences when navigating enterprise services and confronting a bewildering set of privacy-related operations. Moreover, an enterprise might not be sure that there is a consistent implementation of privacy-related functions within all applications. For example, the enterprise may be operating an application that collects data without providing users with appropriate notice, consent, and preference choices; subsequent discovery and remedy of such situations can greatly increase user dissatisfaction with the enterprise.
Therefore, it would be advantageous to have a method and system for implementing coherent, enterprise-wide, privacy-related functionality.